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AMENDMENTS TO THE CLAIMS 



CLAIMS: 



5 1. (currently amended) A distributed subscriber management method , for a user network f or 

performing controlling u ser authentication for an external network a t an access control nod e located 

between a plurality of user networks and , tfao o xtcrnal network being conn e cted to the acce ss 

control node by moans of an access netwo rk, the access network being connected to an exte rnal 

network having an access rights authentication serven-. the method c omprisin g the steps of: 

\ o (a) receiving, at an-me access control nod e, which is operatively 

connected to a-the plurality of user networks, a data unit from a user located on one of the plurality 
of user networks; 

(b) determining that-whether the data unit requires authentication; 
(o) authenticating the determined data unit; - 

15 (c\ if the data unit requires authentication, determ ining whether 

authentication data is locally stored on the access control node, 

(d) dotcmumng that the authenticated data unit is eligible for 

te ansmi s sion ? 

20 (d) if the authentication data is locally stored on th e access control node, 

authenticating the data unit thus preventing unnecessary tra ffic interchange between the access 
network and the plurality of user networks; 

(e) if the authentication data is not locally stored o n the access control 

node, determining whether the data unit is eligible for tra n smission to the external network; and 

25 (fl if the data unit is eligible for transmission, transm itting said data unit 

from the access control node to the authentication server of the external network. 
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2. (currently amended) The distributed subscriber management method as claimed in claim 1 , 
wherein ^authenticating step (d) i ncludes interrogating the user for access information. 

5 3. (currently amended) The distributed subscriber management method as claimed in claim 21, 
wherein the step (f) a uthenticating includes transmitting tho access information to an authentication 
nmvnr nf .in ext e rnal notwor k comprises a step of receiving, at the a ccess control node, an 
authentication message for said data unit from the authentica tion server to permit the user to access 
the external network. 

10 

4. (currently amended) The distributed subscriber management method as claimed in claim 31, 
wherein the step (b) comprises a step of searching the authentic ated data unit locally stored on the 
access control node. 

15 authenticating includes transmitting an authentication message from tho authentication oervcr to the 
access control node to permit the user to access tho external network. 



5. (currently amended) The distributed subscriber management method as claimed in claim 42, 
20 further including encrypting the access information at the access control node prior to transmitting 
the access information to ; and decrypting th o acc e ss information at t he authentication serve r of the 
external network . 

25 6. (currently amended) The distributed subscriber management method as claimed in claim 3, 
wherei n th e authentication server of tho external network employs remoto authentication dial in 
mm- r.orvice protoco l the step of receiving, at the access contro l node, the authentication message 
for said data unit comprises a step of storing authentica t ed data unit in a local authorization table oi 
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the access control node. 



7. (currently amended) The distributed subscriber management method as claimed in claim 36, 
wherein the step (V> comprises searching the authenticated data units stored in the local 

5 authorization table on the access control node t ho authentication server of tho external n e twork 
employs password authentication protocol . 

8. (currently_amended) The distributed subscriber management method as claimed in claim 3, 
wherein the step ffl comprises a step of communicatin g with the authentication server employing 

10 one or more of standard authentication protocols selecte d from the list consisting of remote 

authentication dial-in user service protocol, passwor d authentication protocol, challenge handshake 
authentication protocol, and terminal access controll e r access control system protocol authentication 
server of th o e xternal network employs challeng e handshak e authentication protocol . 

1 5 9. (currently amended) The distributed subscriber management method as claimed in claim 31, 

wherein the step (d) comprises employing one or more o f standard authentication protocols selected 
from the list consisting of remote authentication dial-in user service protocol password 
authentication protocol, challenge handshake authenti c ation protocol and terminal access controller 
access control system protocol at the access control nod e a uthentication s e rver of tho extern al 

20 network employs terminal access controller access control system . 

10. (currently amended) The distributed subscriber management method as claimed in claim 43, 
wherein the step (f) f urther jnetoda^jndud^acket4ate of the data unit. 

25 11. (currently amended) The distributed subscriber management method as claimed in claim 46, 
wherein the step of receiving the authentication message further in^udH^indud^determimng the 
contents of the authentication message at the access control node. 

12. (currently amended) The distributed subscriber management method as claimed in claim 441 
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wherein the step to comprises examining the content o f the authenticated data unit at the access 
control node further including dropping tho data unit if tho contents indicate rejection . 



5 13. (canceled) Tho distributed s ubscriber management method as claimed in cb im44i 

furthor including oxamining th o authentication message for authenticity. 

1 4. (original) The distributed subscriber management method as claimed in claim 1 , 
further including collecting statistical usage information at the access node. 

10 

1 5. (currently amended) An integrated access device, for placement between a user network and an 
external network, the external network having an access rights authentication server, the integrated 

access device c omprising: 

a user network interface for operatively connecting to a plurality of user 

1 5 networks to receive data units from the plurality of user networks; 

an authentication agent, operatively connected to the user network 

interface for locally a uthenticating, authorising a uthorizing a nd forwarding data units received from 

the plurality of user networks; 

an external network interface, operatively connected to the authentication 
20 agent, for forwarding data units locajly jmthorised a uthorized b y the authentication agent to aa-the 
external networ k; and 

means for communicating with the access ri ghts authentication server of 

the external network. 



25 



1 6. (original) An integrated access device as claimed in claim 1 5, wherein the user 

network interface includes a plurality of ingress cards and the external network interface includes an 
egress card. 
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17. (currently amended) An integrated access device as claimed in claim 1 5, wherein the 
authentication agent includes a local authorisation authorization t able for m^msms-a^onmg 
data units. 

5 

18. (original) An integrated access device as claimed in claim 15, wherein the 
authentication agent includes network address assignment and release means. 

19. (currently amended) An integrated access device as claimed in claim 1 5, further including 
10 service level enforcing m^ns-, network resource m a nagement means, means for statistical usage 

collection, and alarm monitoring means. 

19. (canceled) An intograt e d access device ao claimed in claim 15, further including 

network resource management mean s? 



15 



20. (canceled) An intograted access dovic e as claimed in claim 19, further including 

for statistical uoago collection me ans 



20 

2120. (currently amended) An integrated access device as claimed in claim 2017, further 
in-H^ g mnnit nrinp mennfl. w herein the mea n * far communicating with the access rights 

authentication server comprises: 

means for detenninine whether the data un it is eligible for transmission 

25 from the access control node to the authentication ser ver of the external network; 

means for transmitting the data unit from th e access control node to the 

authentication server of the external network; 
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means for receiving, at the access control node , an authentication 

message for said data unit from the authentication server to permit the user to acces s the external 
network: and 

means for storing authenticated data unit s in a local authorization table on 

5 the access control node. 

2 1 . (currently amended) An integrated access device as claimed in claim 1 5, wherein the 
authentication client -agent i ncludes a password authentication protocol-eHeat. 

10 22. (currently amended) An integrated access device as claimed in claim 15, wherein the 
authentication eKeat -agent i ncludes a challenge handshake authentication protocol-elieat 

23. (currently amended) An integrated access device as claimed in claim 15, wherein the 
authentication diea^age^includes a terminal access controller access control system-eheat. 

15 

24. (currently amended) An integrated access device as claimed in claim 15, wherein the 
authentication etjeat -agent i ncludes a remote authentication dial-in user service protocol-elieat. 

25. (new) An access control node, for placement between a plurality of user 

20 networks and an access network, the access network b eing connected to an external network having 
an access rights authentication server, the access control node comprises the integ rated access 
device claimed in claim 15. 



